CyberSec.Space Logo
Back to CVE Browser

CVE-2020-11972

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0960%
EPSS Percentile27.50th
PublishedMay 14, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

Apache Camel RabbitMQ enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.

Affected Platforms (CPE)

πŸ“¦
Apache

Camel

>= 2.22.0 and <= 2.25.0
πŸ“¦
Apache

Camel

>= 3.0.0 and <= 3.1.0
πŸ“¦
Oracle

Communications Diameter Signaling Router

>= 8.0.0 and <= 8.2.2
πŸ“¦
Oracle

Enterprise Manager Base Platform

= 13.3.0.0
πŸ“¦
Oracle

Enterprise Manager Base Platform

= 13.4.0.0
πŸ“¦
Oracle

Flexcube Private Banking

= 12.0.0
πŸ“¦
Oracle

Flexcube Private Banking

= 12.1.0

References & Advisories

πŸ”— http://www.openwall.com/lists/oss-security/2020/05/14/10
πŸ”— http://www.openwall.com/lists/oss-security/2020/05/14/8
πŸ”— https://camel.apache.org/security/CVE-2020-11972.html
πŸ”— https://www.oracle.com/security-alerts/cpujan2021.html
πŸ”— https://www.oracle.com/security-alerts/cpuoct2020.html
πŸ”— http://www.openwall.com/lists/oss-security/2020/05/14/10
πŸ”— http://www.openwall.com/lists/oss-security/2020/05/14/8
πŸ”— https://camel.apache.org/security/CVE-2020-11972.html

Related Vulnerabilities

CVE-2005-01029.8

Integer overflow in camel-lock-helper in Evolution 2.0.2 and earlier allows local users or remote malicious POP3 servers to execut...

CVE-2010-20769.8

Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Ch...

CVE-2020-119739.8

Apache Camel Netty enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are aff...

CVE-2015-53449.8

The camel-xstream component in Apache Camel before 2.15.5 and 2.16.x before 2.16.1 allow remote attackers to execute arbitrary com...